[guardian-dev] usability testing of Gibberbot v11 alpha 4

Nathan of Guardian nathan at guardianproject.info
Wed Feb 20 04:38:03 EST 2013


Matej Kovacic:
> I did some testing of Gibberbot v11 alpha 4. Here are the results with
> some of my suggestions and remarks:

Wonderful! Thanks for the hard work. I believe we have addressed or
intend to address everything you have pointed out. I am glad to have the
additional feedback to emphasize the importance.

A few comments:

1) When you select "use Tor", Gibberbot v11 should automatically modify
the account settings to NOT use SRV lookup and instead use
talk.google.com (or talk.l.google.com). We do this for any domain we
know about like jabber.org, jabber.ccc.de, gmail, or any google domain
account.

If this isn't working for you, then there is a bug!

2) Definitely agree on the per message indicator for whether it was
encrypted or not. In fact, for 2 years now we have had a design mockup
even, but haven't implemented it yet :(

https://github.com/guardianproject/Gibberbot/blob/master/doc/comps/20110415/gibberbot_ui_chat.png

I think v12 is the right time to get it done!

3) Regarding checking TLS/SSL certificates - we have done quite a bit to
harden the cert verification process, and even support a limited
"pinning" for domains like talk.google.com. We also support a new manual
verification process for certs we don't automatically trust, and a
pop-up will be displayed to ask if you would like to trust it. We are
using the excellent MemorizingTrustManager library for this:
https://github.com/ge0rg/MemorizingTrustManager

I *think* what you are asking for is to be able to check *every* cert
manually, either during first login, or at any time?

Otherwise, will take all of your feedback into consideration, and make
sure we have tickets for it in our project tracker.

All the best,
  Nathan
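
Added example, not part of the original message and not code from Gibberbot or MemorizingTrustManager: a sketch of the certificate handling described in point 3, showing a pin for talk.google.com, fallback to platform validation, and a remembered manual decision for everything else. The decision order, the TrustPolicy class, the ask_user callback, xmpp.example.org and the certificate byte strings are assumptions constructed for illustration.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates (not real certificates).
PINNED_CERT = b"constructed-der:talk.google.com:pinned"
OTHER_CA_CERT = b"constructed-der:talk.google.com:ca-valid-but-not-pinned"
SELF_SIGNED = b"constructed-der:xmpp.example.org:self-signed"
UNEXPECTED = b"constructed-der:xmpp.example.org:unexpected"

def fingerprint(der):
    """Hex SHA-256 over the certificate's encoded bytes."""
    return hashlib.sha256(der).hexdigest()

class TrustPolicy:
    """Assumed order: pin, then platform trust, then memorized or ask."""
    def __init__(self, pins, ask_user):
        self.pins = pins          # host -> set of allowed fingerprints
        self.ask_user = ask_user  # callback(host, fp) -> bool; stands in for the pop-up
        self.memorized = set()    # (host, fp) pairs the user accepted earlier

    def decide(self, host, der, platform_trusted):
        fp = fingerprint(der)
        host = host.lower().rstrip(".")
        if host in self.pins:
            # A pinned host never reaches the pop-up, so neither a CA-valid
            # certificate nor a user click can override the pin.
            return "accept-pinned" if fp in self.pins[host] else "reject-pin-mismatch"
        if platform_trusted:
            return "accept-platform"
        if (host, fp) in self.memorized:
            return "accept-memorized"
        if self.ask_user(host, fp):
            self.memorized.add((host, fp))  # bound to this exact certificate
            return "accept-user"
        return "reject-user"

def demo():
    prompts = []
    def ask(host, fp):  # user accepts only the fingerprint checked out of band
        prompts.append(host)
        return fp == fingerprint(SELF_SIGNED)
    policy = TrustPolicy({"talk.google.com": {fingerprint(PINNED_CERT)}}, ask)
    results = [
        policy.decide("talk.google.com", PINNED_CERT, True),
        policy.decide("talk.google.com", OTHER_CA_CERT, True),
        policy.decide("xmpp.example.org", SELF_SIGNED, False),
        policy.decide("xmpp.example.org", SELF_SIGNED, False),
        policy.decide("xmpp.example.org", UNEXPECTED, False),
    ]
    return results, prompts
```

Because the remembered decision is keyed on both host and fingerprint, a changed certificate on the same host prompts again instead of inheriting the earlier acceptance.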




